2 Answers

"If you have users that do not show in the SBS Console, you can get them to show by using the Change user role for user accounts wizard. It is important to notice that this wizard does much more than correctly “stamping” the user’s msSBSCreationState attribute. Using this wizard is only a workaround to get the users to show in the SBS Console that were not created using the SBS provided tools. As shown above, the only recommended way of adding new users is using the Add a new user account or Add multiple user accounts wizard."

I still have a question: what's the difference between a User Role in SBS and an AD group like Domain Admin?

You can think of SBS User Roles as a sort of macro for creating users. The SBS Role determines which OU the user account will be created in and which AD groups the new user will be a member of, whether they will have access to the SharePoint sites, whether they will have RWW/VPN/Dial-in access, etc. In other words (oversimplifying a bit) when you create a new user from an SBS role, it's roughly equivalent to creating the new user account and adding it to a whole list of AD groups in one operation.

You could do all this manually in AD, but it's much easier to maintain this information in the SBS console. AD groups give permissions, SBS Roles define the user's role within the organisation and help you manage the users by grouping them into job functions. You can also change a user's role at any time, and the SBS console will ensure that all the AD group memberships remain correct.

SBS should always be configured using the SBS console. Don't be tempted to tweak outside that. Many enterprise admins succumb to that temptation because it's what they are used to, but on an SBS server that is a really quick way to screw things up.